stef@memberwebs.com wrote:
Full_Name: Stef Walter
Version: openldap 2.4.10
OS: FreeBSD 6.3-RELEASE-p2
URL: http://memberwebs.com/stef/scraps/openldap24-buffer-overflow.patch
Submission from: (NULL) (189.162.38.105)
The back_sock and back_shell backends have a buffer overflow (off-by-one) problem in their result parsing code, in read_and_send_results(), lines 82-89 of result.c. The buffer is reallocated when an additional string would be too long for the buffer, but the string's null terminator is not taken into account.
This can cause a crash in certain situations. These situations are obviously data- and OS-dependent, but with specific data the crash is reproducible.
Patch which fixes the problem:
Thanks, now fixed in CVS HEAD.
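The pattern the report describes, as an added standalone example; this is not the OpenLDAP result.c code and not the submitted patch. It models a growing result buffer into which parsed lines are appended: with `count_nul == 0` the growth check reserves room only for the string bytes, so when the content length lands exactly on the allocation size the terminator written by the copy falls one byte past the end. Rather than performing that out-of-bounds write, the example detects it, counts it, then grows the buffer so the run can continue. The struct, the `GROW_STEP` size, the function names and the sample entry lines are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growth step kept tiny so the edge case is reached with short input
 * (the real backend grows in much larger steps; this value is assumed). */
#define GROW_STEP 8

struct resbuf {
    char *buf;     /* accumulated result text, NUL-terminated */
    size_t used;   /* bytes of content, excluding the NUL */
    size_t size;   /* bytes allocated */
};

static void resbuf_init(struct resbuf *b) {
    b->size = GROW_STEP;
    b->buf = malloc(b->size);
    if (!b->buf) abort();
    b->buf[0] = '\0';
    b->used = 0;
}

static void resbuf_free(struct resbuf *b) {
    free(b->buf);
    b->buf = NULL;
    b->used = b->size = 0;
}

static void resbuf_grow(struct resbuf *b) {
    size_t nsize = b->size + GROW_STEP;
    char *nb = realloc(b->buf, nsize);
    if (!nb) abort();
    b->buf = nb;
    b->size = nsize;
}

/* Append one parsed line.  With count_nul == 0 the growth check only
 * accounts for the string bytes (the off-by-one the report describes);
 * with count_nul == 1 it also reserves the terminator.  Returns 1 if the
 * copy would have written the NUL at buf[size], i.e. past the allocation,
 * and 0 if it fit.  On a detected overflow the buffer is grown anyway so
 * the simulation continues without corrupting memory. */
static int resbuf_append(struct resbuf *b, const char *line, int count_nul) {
    size_t len = strlen(line);
    size_t need = b->used + len + (count_nul ? 1 : 0);
    int overflowed = 0;

    while (need > b->size)
        resbuf_grow(b);

    /* What the copy actually touches: len bytes plus the terminator. */
    while (b->used + len + 1 > b->size) {
        overflowed = 1;   /* original pattern would write past the end here */
        resbuf_grow(b);
    }
    memcpy(b->buf + b->used, line, len + 1);
    b->used += len;
    return overflowed;
}

/* Feed a NULL-terminated array of lines; return how many appends would
 * have written past the allocation.  0 means the buffer logic is sound. */
static int count_overflows(const char *const *lines, int count_nul) {
    struct resbuf b;
    int bad = 0;
    resbuf_init(&b);
    for (size_t i = 0; lines[i] != NULL; i++)
        bad += resbuf_append(&b, lines[i], count_nul);
    resbuf_free(&b);
    return bad;
}

/* Constructed inputs.  sample_entry: "dn: x\n" (6 bytes) then "a\n" (2 bytes)
 * fills the 8-byte buffer exactly, leaving no room for the NUL.
 * exact_fit: a single 8-byte line does the same on the first append. */
static const char *const sample_entry[] = { "dn: x\n", "a\n", "b\n", NULL };
static const char *const exact_fit[]    = { "cn: foo\n", NULL };

int main(void) {
    printf("sample_entry, buggy check: %d overflow(s)\n", count_overflows(sample_entry, 0));
    printf("sample_entry, fixed check: %d overflow(s)\n", count_overflows(sample_entry, 1));
    printf("exact_fit,    buggy check: %d overflow(s)\n", count_overflows(exact_fit, 0));
    printf("exact_fit,    fixed check: %d overflow(s)\n", count_overflows(exact_fit, 1));
    return 0;
}
```

The crash in the report is data-dependent for exactly the reason the example shows: only inputs whose accumulated length hits an allocation boundary trigger the stray terminator write, and whether that single byte corrupts heap metadata or an adjacent allocation depends on the allocator. Building the real code with AddressSanitizer turns the silent one-byte write into a deterministic report.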